CVE-2019-7393

moderate-risk
Published 2019-05-28

A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases.

Do I need to act?

~
1.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (6)

Risk Authentication
Risk Authentication
Risk Authentication
Strong Authentication
Strong Authentication
Strong Authentication

Affected Vendors

Ca

References (10)

Third Party Advisory http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privil...
Mailing List http://seclists.org/fulldisclosure/2019/May/43
Third Party Advisory http://www.securityfocus.com/bid/108483
Mailing List https://seclists.org/bugtraq/2019/May/66
Vendor Advisory https://support.ca.com/us/product-content/recommended-reading/security-notices/C...
Third Party Advisory http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privil...
Mailing List http://seclists.org/fulldisclosure/2019/May/43
Third Party Advisory http://www.securityfocus.com/bid/108483
Mailing List https://seclists.org/bugtraq/2019/May/66
Vendor Advisory https://support.ca.com/us/product-content/recommended-reading/security-notices/C...
35
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 4/34 · Minimal
Exposure 13/34 · Low